The credit card theft script was discovered by Visa Payment Fraud Disruption (PFD) researchers in February 2020 while they were examining a command and control (C2) server that previously hosted an "ImageID web skimming kit".
Avoiding detection and analysis
In addition to standard basic skimming capabilities such as data exfiltration using image requests, Baka has an advanced design, which indicates that it is the work of a specialized malware developer.
"The skimmer loads dynamically to avoid static malware scanners and uses unique encryption parameters for every victim to hide the malicious code," says the Visa notice.
"The PFD estimates that this skimmer variant avoids detection and analysis by removing itself from memory when it detects dynamic analysis with Developer Tools or when data has been successfully exported."
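As an added example (not taken from the Visa notice or from this article), here is one defensive check for the image-request exfiltration described above: review the requests a checkout page made, for instance from a HAR export, and flag image loads to non-allowlisted hosts that carry a long, high-entropy query value. The allowlist, the thresholds and the sample requests are constructed assumptions.

```javascript
// Added example: flag image requests that look like skimmer exfiltration.
// Hosts, thresholds and sample data below are constructed assumptions.
const ALLOWED_IMAGE_HOSTS = new Set(["shop.example", "cdn.shop.example"]);
const MIN_PAYLOAD_LEN = 64;  // assumed: roughly a card form's worth of encoded data
const MIN_ENTROPY_BITS = 4.0; // assumed: encoded or encrypted data scores above this

// Shannon entropy in bits per character.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => {
    const p = n / s.length;
    return h - p * Math.log2(p);
  }, 0);
}

// requests: [{ url, resourceType }] as exported from a HAR file or proxy log.
function findSuspectImageRequests(requests) {
  const findings = [];
  for (const req of requests) {
    if (req.resourceType !== "image") continue;
    let u;
    try { u = new URL(req.url); } catch { continue; } // skip malformed entries
    if (ALLOWED_IMAGE_HOSTS.has(u.hostname)) continue;
    // The longest query-string value is the candidate payload.
    let longest = "";
    for (const v of u.searchParams.values()) {
      if (v.length > longest.length) longest = v;
    }
    if (longest.length >= MIN_PAYLOAD_LEN && entropy(longest) >= MIN_ENTROPY_BITS) {
      findings.push({ host: u.hostname, payloadLength: longest.length });
    }
  }
  return findings;
}

// Constructed sample: a 64-character stand-in for an encoded payload.
const FAKE_PAYLOAD =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
const SAMPLE_REQUESTS = [
  { url: "https://cdn.shop.example/img/logo.png", resourceType: "image" },
  { url: "https://tracker.example/pixel.gif?id=12345", resourceType: "image" },
  { url: "https://collector.example/i.gif?d=" + FAKE_PAYLOAD, resourceType: "image" },
  { url: "https://other.example/app.js?v=" + FAKE_PAYLOAD, resourceType: "script" },
];

console.log(findSuspectImageRequests(SAMPLE_REQUESTS));
```

A hit is a lead for review rather than proof of compromise, since legitimate analytics pixels can also carry long encoded parameters.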
Baka has been spotted by Visa in many online stores in various countries.
Visa recommends that financial institution members, e-commerce merchants, service providers and third-party providers refer to the document called "What To Do If Compromised" (WTDIC), which contains instructions on what to do if their payment systems are compromised.